[c-nsp] netflow tools
Jeff Wojciechowski
Jeff.Wojciechowski at midlandpaper.com
Mon Sep 20 10:07:12 EDT 2010
Filter on AS - absolutely.
You can sort on any combination of the following on a particular interface/time period/inbound/outbound:
Applications Defined, Applications NBAR, AS, Country (based on geo lookup), Domain, Flow Template, Host to Host, Inbound Threshold, IP Host, IP Range, Subnet, Next Hop, Protocol, Source/Destination Port, Subnet to Subnet, TCP Flags, Types of Service, and Well known ports.
As far as volume and numbers of flows that depends on what box is hosting Scrutinizer. I can't seem to find the link on their site that gave guidelines...
However, you should probably check out the demo and contact Plixer support for recommended config of your Scrutinizer box.
Oh and we ran the demo for ~6 mos before purchasing. It was good enough until we needed to see historical statistics.
Thanks,
-Jeff
From: Sharlon R. Carty [mailto:me at sharloncarty.net]
Sent: Monday, September 20, 2010 8:55 AM
To: Jeff Wojciechowski
Cc: Bøvre Jon Harald; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] netflow tools
Can I easily filter based on AS number? Can it handle 500 mbit of traffic?
On Mon, Sep 20, 2010 at 8:38 AM, Jeff Wojciechowski <Jeff.Wojciechowski at midlandpaper.com> wrote:
I give Scrutinizer 5 stars!! We have ours running in a Windows VM and are keeping 1 month worth of 1 minute data across our network and I can't believe how many minor configuration issues I have found just by looking at 'normal' traffic and then at some point in the future seeing something that doesn't look right.
Couple things I wish it would do:
1) is to be able to send email alerts directly based on various alarms (instead of just generating a syslog now). I have been working with the folks at Plixer on the 8 beta (actually installing 8.0.0 RC 1 right now) and they say that this feature will be in one of the next releases.
2) have traffic analysis such as find high point of traffic on specific interface in past X days and I am told something like this is coming down the pike too.
Thanks,
-Jeff
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Bøvre Jon Harald
Sent: Monday, September 20, 2010 12:14 AM
To: mail at sharloncarty.net; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] netflow tools
Scrutinizer from plixer.com as a low-cost Windows alternative
Jon
________________________________________
From: cisco-nsp-bounces at puck.nether.net [cisco-nsp-bounces at puck.nether.net] on behalf of Sharlon R. Carty [me at sharloncarty.net]
Sent: 20 September 2010 01:01
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] netflow tools
Hello,
Anyone know of any netflow collector tools that can filter the data based on ASN? The majority of tools I have tried filter based on IP address, IP group, domain name etc.
Looking for something that can show me x amount of traffic from asn124 and so on etc
--
--sharlon
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
This electronic mail (including any attachments) may contain information that is privileged, confidential, or otherwise protected from disclosure to anyone other than its intended recipient(s). Any dissemination or use of this electronic mail or its contents (including any attachments) by persons other than the intended recipient(s) is strictly prohibited. If you have received this message in error, please delete the original message in its entirety (including any attachments) and notify us immediately by reply email so that we may correct our internal records. Midland Paper Company accepts no responsibility for any loss or damage from use of this electronic mail, including any damage resulting from a computer virus.
--
--sharlon